US12182153B2ActiveUtilityPatentIndex 31
Digital forensics tool and method
Est. expiryJul 15, 2041(~15 yrs left)· nominal 20-yr term from priority
Inventors:PALAZZO ROBERTARMISTEAD KERRYDICKERSON ANDREAFISHER JUSTINMILES DAVIDSMALLEY DAVIDTHOMAS BRADENTHRASHER PHILIP
G06Q 50/265G06F 16/254
31
PatentIndex Score
0
Cited by
13
References
40
Claims
Abstract
A digital forensics tool and associated method are disclosed for extracting digital data from a user computing device, transforming and analyzing the digital data, and generating an interactive user interface that facilitates the identification of important digital data, such as for a criminal investigation.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A digital forensics method comprising:
coupling one or more extraction computing devices to one or more mobile devices;
extracting, by the one or more extraction computing devices, a first set of digital data from the one or more mobile devices;
filtering, by the one or more extraction computing devices, the first set of digital data into a second set of digital data comprising one or more flat text files and not including certain types of data in the first set of digital data;
receiving, by a cloud server from the one or more extraction computing devices, the second set of digital data;
transforming, by the cloud server, the second set of digital data into a third set of digital data of a normalized format;
analyzing, by the cloud server, the third set of digital data to generate results; and
generating a user interface, on a user computing device, to display one or more of an interactive map derived from location data in the results, a timeline of communications to or from the one or more mobile devices contained in the results, and a network graph indicating relationships between contacts in the results and frequency of communications with contacts in the results.
2. The method of claim 1 , wherein the extracting is performed by one or more extraction computing devices connected to the one or more mobile devices.
3. The method of claim 1 , wherein the extracting is performed by a software agent installed on the one or more mobile devices.
4. The method of claim 1 , wherein the filtering prioritizes a type of data in the first set of digital data in response to a command entered by a user.
5. The method of claim 1 , wherein the transforming step comprises:
automatically parsing data in the second set of data from files and databases associated with one or more applications into the normalized format independent of source.
6. The method of claim 1 , further comprising:
recording the location of the first set of digital data within the one or more mobile devices during the filtering step and recording all transformations of data during the transforming step.
7. The method of claim 1 , further comprising:
providing access to the results and some or all of the second set of digital data to one or more additional user computing devices.
8. The method of claim 1 , further comprising:
storing contact information identified in the third set of digital data into a database.
9. The method of claim 8 , further comprising:
cross-referencing data in the database with contact information obtained from one or more other mobile devices.
10. The method of claim 1 , further comprising:
generating an alert when the third set of digital data contains contact information previously flagged by a user computing device.
11. The method of claim 1 , wherein the user interface comprises an interactive interface allowing actions comprising changing time scales, filtering content by source, zooming in and out of maps, and scrolling through sequential photos.
12. The method of claim 1 , wherein the analyzing comprises identifying an individual using a plurality of forms of identification.
13. The method of claim 12 , wherein the plurality of forms of identification comprise two or more of first name, last name, nickname, phone number, email address, username, account ID, and device identifier.
14. The method of claim 1 , wherein the results comprise one or more pattern of life anomalies.
15. The method of claim 14 , wherein the one or more pattern of life anomalies comprise variations in typical locations, timing patterns, communications, and behaviors.
16. The method of claim 1 , wherein the generating further comprises displaying a timeline and displaying some or all of the results on the timeline.
17. The method of claim 1 , wherein the generating further comprises displaying a map showing a location of the one or more mobile devices using data from a plurality of sources.
18. The method of claim 1 , wherein the generating further comprises displaying media from a plurality of sources.
19. The method of claim 1 , wherein the generating further comprises displaying communications from a plurality of sources.
20. The method of claim 1 , wherein the results comprise one or more of device name, operating system version, model, serial number, and passcode.
21. A digital forensics tool comprising:
one or more computing devices storing instructions to perform the following steps when executed:
extracting a first set of digital data from one or more mobile devices;
filtering the first set of digital data into a second set of digital data comprising one or more flat text files and not including certain types of data in the first set of digital data;
transforming the second set of digital data into a third set of digital data of a normalized format;
analyzing the third set of digital data to generate results; and
generating a user interface to display one or more of an interactive map derived from location data in the results, a timeline of communications to or from the one or more mobile devices contained in the results, and a network graph indicating relationships between contacts in the results and frequency of communications with contacts in the results.
22. The digital forensics tool of claim 21 , wherein the extracting is performed by one or more extraction computing devices connected to the one or more mobile devices.
23. The digital forensics tool of claim 21 , wherein the extracting is performed by a software agent installed on the one or more mobile devices.
24. The digital forensics tool of claim 21 , wherein the filtering prioritizes a type of data in the first set of digital data in response to a command entered by a user.
25. The digital forensics tool of claim 21 , wherein the transforming step comprises:
automatically parsing data in the second set of data from files and databases associated with one or more applications into the normalized format independent of source.
26. The digital forensics tool of claim 21 , wherein the one or more computing devices store instructions to perform the following step:
recording the location of the first set of digital data within the one or more mobile devices during the filtering step and recording all transformations of data during the transforming step.
27. The digital forensics tool of claim 21 , wherein the one or more computing devices store instructions to perform the following step:
providing access to the results and some or all of the second set of digital data to one or more additional user computing devices.
28. The digital forensics tool of claim 21 , wherein the one or more computing devices store instructions to perform the following step:
storing contact information identified in the third set of digital data into a database.
29. The digital forensics tool of claim 28 , wherein the one or more computing devices store instructions to perform the following step:
cross-referencing data in the database with contact information obtained from one or more other mobile devices.
30. The digital forensics tool of claim 21 , wherein the one or more computing devices store instructions to perform the following step:
generating an alert when the third set of digital data contains contact information previously flagged by a user computing device.
31. The digital forensics tool of claim 21 , wherein the user interface comprises an interactive interface allowing actions comprising changing time scales, filtering content by source, zooming in and out of maps, and scrolling through sequential photos.
32. The digital forensics tool of claim 21 , wherein the analyzing comprises identifying an individual using a plurality of forms of identification.
33. The digital forensics tool of claim 32 , wherein the plurality of forms of identification comprise two or more of first name, last name, nickname, phone number, email address, username, account ID, and device identifier.
34. The digital forensics tool of claim 21 , wherein the results comprise one or more pattern of life anomalies.
35. The digital forensics tool of claim 34 , wherein the one or more pattern of life anomalies comprise variations in typical locations, timing patterns, communications, and behaviors.
36. The digital forensics tool of claim 21 , wherein the generating further comprises displaying a timeline and displaying some or all of the results on the timeline.
37. The digital forensics tool of claim 21 , wherein the generating further comprises displaying a map showing a location of the one or more mobile devices using data from a plurality of sources.
38. The digital forensics tool of claim 21 , wherein the generating further comprises displaying media from a plurality of sources.
39. The digital forensics tool of claim 21 , wherein the generating further comprises displaying communications from a plurality of sources.
40. The digital forensics tool of claim 21 , wherein the results comprise one or more of device name, operating system version, model, serial number, and passcode.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.